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REMARKS/ARGUMENTS 



Claims 1-27 were presented and examined. The Examiner rejected claims 1-27 under 35 
USC § 103(a), as being unpatentable over van Hoff (U.S. Patent No. 6,381,631, in view of 
Fernandez et <?/., "An Abstract Authorization System for the Internet", hereinafter referred to as 
"Fernandez". In this response, Applicant has amended claims 1-4, 6-8, and 10-24, canceled 
claims 25-27, and added claims 28-30, Claims 1-24 and 28-30 are pending, Applicant wishes to 
thank the Examiner for taking the time to discuss this application with the undersigned 
representative of Applicant 

Claim rejections under 35 USC 6 103^ 

The Examiner rejected claims 1-27 under Section 103(a) as being unpatentable over van 
Hoff in view of Fernandez, 

In response to the rejection of independent claim 1 and its dependent claims, Applicant 
has amended claim 1 to specify that detennining whether a client has access authority to a 
requested document includes determining whether the client has previously accessed a document 
that provides context for the requested document. Because support for this amendment is found 
in the specification as filed (see, e.g., paragraph beginning on page 7, line 14), the amendment 
introduces no new matter. 

The cited references do not teach or suggest the limitations recited in the amended claim. 
As acknowledged by the Examiner in the Office Action, van Hoff does not teach or suggest 
determining context restrictions on requested documents, van Hoff does not contain any such 
teaching or suggestion because van Hoff is exclusively concerned with network authentication, 
namely, the processes and procedures by which users gain access to local and remote networks 
including third party networks. As such, van Hoff says little if anything regarding access 
authority to individual documents . 

Supporting the Section 103(a), the Office Action relies on Fernandez. Fernandez 
describes an abstract model for an authentication method. Fernandez teaches that an 
authentication model may use rules of the form <S, O, T, P> where S indicates the user (subject), 
O indicates a document or component of a document, T indicates a valid access type and P 
indicates a predicate that constraints access. Fernandez goes on to give specific examples of 
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authorization rules that might be developed wider the proposed model. The three specific 
examples disclosed in Fernandez recite include a rule in which secretaries can modify forms in 
their own department, university presidents can create new forms, and graduate students can 
submit certain types of applications. In each of these examples, the authorization rules define 
authorization in terms of the relationship between the users (subjects) and the requested 
documents. In other words, the authorization rules described by Fernandez use the authorization 
predicate to confine authorization to documents based on the status of the different users . 

The authorization model described in Fernandez does not suggest the limitations of 
amended claim 1. Fernandez does not suggest an access authorization model in which access to 
one document is predicated upon the same user's previous access to another document. In 
contrast to the authorization rules based on user status taught by Fernandez, amended claim 1 
recites an authentication mechanism that is based on a relationship between the document being 
requested and other documents and, more specifically, other documents that the user has 
accessed previously accessed. 

Assuming, for the sake of this discussion, that the Fernandez authorization model is so 
broad as to encompass all possible predicate authorization scenarios including the predicate 
recited in amended claim 1 does not end the obviousness inquiry. MPEP § 2144.08 contains 
guidelines for determining whether the disclosure of a broad genus is sufficient to render a 
claimed species obvious. Although the MPEP discussion of this topic is limited to chemical 
compound situations, Applicant would submit that the reasoning is applicable to other 
technology areas. Referring to the flow diagram depicted at the end of MPEP 2144.08, Applicant 
submits that the determination of whether a broad disclosure of a genus renders a claimed species 
obvious is largely determined by the scope of the genus and the express teaching in the reference. 

The scope of the disclosed genus has a bearing on the obviousness of any species 
encompassed within the genus. When a genus encompasses only a small number of species, this 
fact would tend to weigh in favor of the obviousness of any claimed species. In the present case, 
however, the Fernandez authorization model arguably encompasses any authorization 
implementation that includes a predicate as part of the authorization rule. As such, Applicant 
submits that the scope of the Fernandez authorization model is too broad to render all species 
that fall within it obvious. 
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When the genus is too broad to make all of its component species obvious, the 
obviousness inquiry then focuses on whether the express teaching of the reference would have 
motivated one to selected the claimed species. In the present case, the express teaching of 
Fernandez would not motivate one to select the authorization implementation recited in amended 
claim 1 because, as indicated previously, the express teachings of Fernandez are limited to 
authorization models in which authorization to a document is based on the user status. In 
contrast, the authorization implementation recited in claimed 1 is based on a relationship 
between a first document and a second document. This fundamental distinction between 
Fernandez and the claimed invention is beyond the scope of what is suggested by Fernandez. 

When the express teachings of the cited reference do not motivate one to select the 
claimed species, the obviousness inquiry determines whether there is a teaching of structural 
similarity or any other teaching to support the selection of the species. Applicant submits that the 
cited references in this case contain no such teaching. Accordingly, Applicant believes that the 
amended claim 1 recites subject matter neither taught nor suggested by the cited references and 
Applicant respectfully requests the Examiner to reconsider and withdraw the Section 103(a) 
rejection of claim 1 and its independent claims. Analogous arguments apply to amended 
independent claim 10 and amended independent claim 19, 

With respect to dependent claims 2-4, Applicant has amended to recite that the 
determination of whether a client has previously accessed a document includes determining 
whether cookie information in the client request indicates that the client has previously access the 
document that provides context for the requested document. Because support for these 
amendments are found in the specification as filed (see, e.g., paragraph beginning on page 8, line 
25), no new matter is introduced by these amendments. The cited references do not teach or 
suggest the use of cookie information in enforcing authorization to context-restricted documents. 
The originally submitted claims recited "state information" in lieu of the "cookie information" 
recited in the amended claims. The Examiner found support for the rejection of "state 
information" limitations in column 6 of Fernandez, which discusses the exchange of digital 
certificates between a client and a remote network. Applicant submits that because Fernandez is 
describing a digital certificate technique for authorising a client to a remote network, Fernandez 
does not teach or suggest using cookie information contained in a client request to determine 
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whether the requestor has authority access to the requested document. Analogous reasoning 
applies to dependent claims 1 1-13 and 20-22. 

With respect to dependent claims 6-8, Applicant has amended to recite an indirect access 
authority based on infoimation in the Teferer field in a header of the request. Because support for 
these amendments are found in the specification as filed (see, e.g., paragraph beginning on page 
9, line 12), no new matter is introduced. The Examiner found support for rejecting originally 
submitted claim 6 in the description of van Hoff regarding a mechanism by which a user, having 
authenticated himself to a connection manager can then connect to other networks without re- 
authenticating, Applicant submits that the van Hoff discussion of connecting to remote networks 
based on previous auth entication to a connection manage does not teach or suggest the use of the 
referer field in a client request to determine whether the client has access authority to a requested 
document Accordingly, Applicant would respectfully request the Examiner to reconsider and 
withdraw the rejections of claims 6-8. Analogous arguments apply to claims 15-17 and to claim 



Applicant has also amended claims 10-24 to replace the "code means for" language with 
"instructions for" language. These amendments are not made for any purpose related to 
patentability, but are made because Applicant believes that the amended language improves the 
clarity of the claims. 

In addition to the foregoing, Applicant has submitted a new independent claim 28 and 
two new dependent claims 29 and 30. Claim 28 recites a computer program product including 
instruction for detennining whether a first document is context restricted document that is 
accessible only after accessing a preceding document and instructions for processing cookie 
information in a client request to determine whether the client has accessed a preceding 
document that provides the context for the requested document. Support for these claim 
limitations are found in the specification as filed (see, e.g., paragraph beginning on page 8, line 
25). This new independent claim recites an embodiment of the invention in which access to a 
document that is part of a series of documents is made accessible to the client only after the client 
accesses a document which precedes the requested document thereby enabling the server to 
control the sequence in which a client accesses, for example, a multi-page document. In 
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addition, claim 28 recites that the claimed program product processes cookie information to 
determine whether the client has previously accessed the predicate document. 

The cited references neither disclose nor suggest the limitations recited in claim 28. van 
Hoff, as discussed previously, is solely concerned with the way in which users connect to 
networks generally, Fernandez describes only a broad authorization model without any teaching 
or suggestion that would motivate one to implement the specific implementation recited in claim 
28, More specifically, Fernandez only motivates one to implement various authorization 
mechanism in which access to documents is predicated upon a user's status or classification. As 
such, the cited references do not teach or suggest the limi tations of the new claim. New claim 29 
further refines claim 28 to recite that the cookie information is sent to the client when the client 
access the preceding document and that the cookie indicates the location of the requested 
document New claim 30 refines claim 29 even further by reciting the that cookie information 
sent following the client accessing the preceding document indicates a directory path of the 
requested document. The cited references contain no teaching or suggestion of these limitations. 
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CONCLUSION 



In this response, Applicant has addressed the Examiner's claim rejections under 35 USC 
§ 103(a). Accordingly, Applicant believes that this response constitutes a complete response to 
each of the issues raised in the office action. In light of the amendments made herein and the 
accompanying remarks, Applicant believes that the pending claims are in condition for 
allowance. Accordingly, Applicant would request the Examiner to withdraw the rejections, 
allow the pending claims, and advance the application to issue. If the Examiner has any 
questions, comments, or suggestions, the undersigned attorney would welcome and encourage a 
telephone conference at 512.428.9872, 



Lally & Lally, l.l.p. 
P.O. Box 684749 
Austin, Texas 78768-4749 
512.428.9870 
512.428.9871 (Fax) 




Respectfully submitted, 



'PL1CANT(S) 



JPL/nrmm 
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